The Application of Public Key Cryptography to Network Security PowerPoint PPT Presentation

presentation player overlay
1 / 32
About This Presentation
Transcript and Presenter's Notes

Title: The Application of Public Key Cryptography to Network Security


1
The Application of Public Key Cryptography to
Network Security
  • Ted Reinhardt
  • reinhardt_at_ncf.ca
  • Course 94.470

2
Learning Objectives
  • Understand how public key cryptography can be
    used to provide network security services such
    as
  • Confidentiality
  • Non-repudiation
  • Authentication
  • Notarization

3
Crypto System
  • a pair of data transformations
  • one encrypts
  • the other decrypts

Encrypt
Decrypt
cipher text
plain text
plain text
key
key
4
  • Encryption
  • Ek(m) ? c
  • m ? plain text message
  • c ? cipher text
  • k ? key
  • Decryption
  • Dk(c) ? m
  • c ? ciphertext
  • m ? message
  • k ? key

5
Symmetric Key Crypto System
  • same key is used for both transformations

A B C D E F G H I J K L M N O P Q R S T U V W X Y
Z Z A B C D E F G H I J K L M N O P Q R S T U V W
X Y
HAL
IBM
IBM
plain text
Encrypt
Decrypt
ciphertext
plain text
Key1
Key1
6
A word about symmetric key crypto systems
  • Keys must be protected at all times at least to
    the highest level of the information exchanged
    for the entire useful life of the message.
  • Key distribution is therefore expensive
  • Keys must be changed frequently
  • large symmetric crypto networks are a nightmare
    to manage

7
Symmetric Algorithms
Rijndael
  • Rijndael
  • RC6
  • Twofish
  • Casear
  • RC4
  • CAST
  • DES
  • Triple DES

8
Public Key Crypto System
  • a pair of data transformations
  • one encrypts
  • the other decrypts

03422AFDS
IBM
IBM
Encrypt
Decrypt
ciphertext
plain text
plain text

public key
private key
9
An Engineering Love StoryOur Cast of Players
Carl
A spy for a tabloid newspaper
Bob
Alice
Totally Clueless
Hopelessly in love with Bob
10
Public Key Crypto System
  • complementary key pairs
  • one private key, and a corresponding public key

Name Public Private Alice 7 13 Bob 11 23 Carl 71
53
Private !!!
11
Public Key Crypto System
Name Public Private Alice 7 13 Bob 11 23 Carl 71
53
  • Alice encrypts message for Bobs eyes only.

Bobs Public Key 11
Bobs Private Key 23
plain text
Alice Encrypt
Bob Decrypt
cipher text
plain text
I LOVE YOU
_at_deew
I LOVE YOU
Sender to Receiver Confidentiality
12
Public Key Crypto System
Name Public Private Alice 7 13 Bob 11 23 Carl 71
53
  • Bob encrypts message for Alices eyes only.

Alices Public Key 7
Alices Private Key 13
plain text
Bob Encrypt
Alice Decrypt
ciphertext
plain text
Sender to Receiver Confidentiality
13
Confidentiality - Objective 1
  • Sender to Receiver Confidentiality
  • Encrypt with Public Key of the Addressee
  • Equivalent to sealing an envelope by encrypting
  • Only the Receiver can decode with his own Private
    Key (as long as the Private Key is kept Private).

14
Public Key Cryptosystem
Name Public Private Alice 7 13 Bob 11 23 Carl 71
53
  • Alice digitally signs message for Bob

Alices Public Key 7
Alices Private Key 13
plain text
Alice Encrypt
Bob Decrypt
cipher text
plain text
Authentication / Digital Signature
15
Authentication Non-Repudiation Objective 2
  • Sender encrypts message with own private key
  • Receiver decrypts message with senders public
    key.
  • Correct decryption indicates the message is
    authentic.

16
Public Key Crypto System
Name Public Private Alice 7 13 Bob 11 23 Carl 71
53
  • Alice signs and seals message for Bob

Bobs Public Key 11
Alices Private Key 13
Ciphered Ciphertext
Alice Encrypt
Alice Encrypt
ciphertext
plain text
Seal
Sign
Combined Digital Signature and Encryption
17
Public Key Crypto System
Name Public Private Alice 7 13 Bob 11 23 Carl 71
53
  • Bob unseals message, and authenticates it

Alices Public Key 7
Bobs Private Key 23
clear text
Bob Decrypt
Bob Decrypts
message signature
Ciphered cipher text
  • Authenticates

Opens
Combined Decryption and Authentication
18
Blind Notarization
  • Alice encrypts and signs a message for Bobs Eyes
    Only
  • Alice sends the message to Carl who takes Alices
    encrypted and signed message, adds a date time
    stamp (11AM 20 Sep 2004), and then signs it.
  • Bob can decode it and check the date time if
    there is a dispute.

19
Blind Notarization
Notary Services
Date-time stamp Notarys Signature
Alice
Signed by Alice Sealed for Bobs Eyes Only
Bob
20
Vulnerability in Key Management
  • Certification of Public Keys is required
    otherwise subject to middle man attack.

Name Public Private Alice 71 53 Bob 71 23 Carl 71
53
Carl can now masquerade as Alice
Carl can now read the message and then
re-encrypt for the intended receiver
21
Solution to VulnerabilityCertificate Authority
  • Certification of Public Keys is required
    otherwise subject to middle man attack.

Digitally Signed by the CA
Alice Public Key13 Expiry10-Aug-2004
Certificate Authority is recognized by all parties
22
Symmetric vs Asymmetric
  • Public Key Crypto
  • Simplifies Key Management
  • Slow
  • Provides Digital Signature
  • Symmetric Key Crypto
  • Black Bag Key Management
  • Fast

23
HybridBest of Both Worlds
  • Use Symmetric Key as session key to encrypt data
    using Symmetric Key Cryptography
  • it is faster
  • Use Public Key to Encrypt Session Key
  • fewer key management problems

24
Message Digest
  • A one way function that provides a unique hash
    based on a data stream input
  • MD5
  • SHA-1

25
Message Digests
26
Signature and Integrity Implementation
Plain text
Message Digest
Plain text
Message Digest
Digest
Digest
Digitally Sign
Signed Digest
Integrity
COMPARE
27
Practicalities of Implementation
Plain text
Symmetric Encryption
Cipher text
Random Session Key
Alices Pub Key
Public Key Encryption
Alices Session Key
Bobs Pub Key
Public Key Encryption
Bobs Session Key
28
Layer 3Virtual Private Network
Alice
VPN Gateway
Internet
Directory
Certificate Authority
VPN Gateway
Bob
29
Layer 4Secure Sockets LayerTransport Layer
Security
SSL Appliance
Protected Web Server
Firewall
Tunnel
Internet
SSL Enabled Browser
30
Issues
  • Who is going to be the CA
  • How does a CA decide to trust another CA
  • If someone is no longer ok, how do you revoke
    their credentials and distribute the info
  • What is the basis for trust
  • Certificate Policies, Certificate Practice
    Statements

31
Issues
  • What is required to make a legally binding
    transaction?
  • Where do you store the private key?
  • Key Escrow --- can someone backup your key for
    you in the event of loss?
  • How do you authenticate people far away the first
    time?
  • What algorithms are ok to use?

32
References
  • RSA FAQ http//www.rsa.com/rsalabs/faq/
  • www.entrust.com Developer Toolkit
  • www.counterpane.com Cryptogram News
  • Cryptography and Data Security (D. Denning)
  • Applied Cryptography (B. Schneier)
  • Communications Security (W. Ford)
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2026 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The : "The Application of Public Key Cryptography to Network Security" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!